Increasing Anonymity in Crowds via Dummy Jondos By: Benjamin Winninger.

Slides:



Advertisements
Similar presentations
Switching Techniques In large networks there might be multiple paths linking sender and receiver. Information may be switched as it travels through various.
Advertisements

CHANGING THE WAY IT WORKS Cloud Computing 4/6/2015 Presented by S.Ganesh ( )
Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.
Replication. Topics r Why Replication? r System Model r Consistency Models r One approach to consistency management and dealing with failures.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
5-Network Defenses Dr. John P. Abraham Professor UTPA.
HTML FORMS
End-to-End Arguments in System Design J.H. Saltzer, D.P. Reed and D.D Clark M.I.T. Laboratory for Computer Science Presented by Jimmy Pierce.
Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Internet Networking Spring 2006 Tutorial 12 Web Caching Protocols ICP, CARP.
Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Privacy on the Web Gertzman Lora Krakov Lena. Why privacy? Privacy is the number one consumer issue facing the internet. An eavesdropper (server, service.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #13 Web Caching Protocols ICP, CARP.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.
Authors: Thomas Ristenpart, et at.
Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Switching Techniques Student: Blidaru Catalina Elena.
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
A Tale of Research: From Crowds to Deeper Understandings Matthew Wright Jan. 25, : Adv. Network Security.
Traffic Analysis Prevention Chris Conger CIS6935 – Cryptographic Protocols 11/16/2004.
A Music Filled Flask - Real Time Distributed Transcoding Nicholas Jaeger, Trey Zahradka, & Dr. Peter Bui Department of Computer Science  University of.
J.H.Saltzer, D.P.Reed, C.C.Clark End-to-End Arguments in System Design Reading Group 19/11/03 Torsten Ackemann.
Introduction and Overview Questions answered in this lecture: What is an operating system? How have operating systems evolved? Why study operating systems?
Security+ All-In-One Edition Chapter 14 – and Instant Messaging Brian E. Brzezicki.
BY OLIVIA WILSON AND BRITTANY MCDONALD Up Your Shields with Shields Up!
2012 4th International Conference on Cyber Conflict C. Czosseck, R. Ottis, K. Ziolkowski (Eds.) 2012 © NATO CCD COE Publications, Tallinn 朱祐呈.
Freenet: A Distributed Anonymous Information Storage and Retrieval System Presenter: Chris Grier ECE 598nb Spring 2006.
Anonymity on the Internet Presented by Randy Unger.
PRESENTED BY P. PRAVEEN Roll No: 1009 – 11 – NETWORK SECURITY M.C.A III Year II Sem.
Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.
Anonymity – Crowds R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.
Computer Studies (AL) Memory Management Virtual Memory I.
Graph Colouring L09: Oct 10. This Lecture Graph coloring is another important problem in graph theory. It also has many applications, including the famous.
Anonymity on Web Transaction Department of Computer Science Ball State University Research Methods - CS 689 Uday Adhikari 7 th Dec
FTP File Transfer Protocol Graeme Strachan. Agenda  An Overview  A Demonstration  An Activity.
Securing Passwords Against Dictionary Attacks Presented By Chad Frommeyer.
1 - CS7701 – Fall 2004 Review of: Detecting Network Intrusions via Sampling: A Game Theoretic Approach Paper by: – Murali Kodialam (Bell Labs) – T.V. Lakshman.
Lecture 13: Anonymity on the Web Modified from Levente Buttyan, Michael K. Reiter and Aviel D. Rubin.
Presented by Sharan Dhanala
Crowds: Anonymity for Web Transactions Michael Reiter and Avi Rubin 1998.
Ways to reduce the risks of Crowds and further study of web anonymity By: Manasi N Pradhan.
Modified Onion Routing GYANRANJAN HAZARIKA AND KARAN MIRANI.
Quality Is in the Eye of the Beholder: Meeting Users ’ Requirements for Internet Quality of Service Anna Bouch, Allan Kuchinsky, Nina Bhatti HP Labs Technical.
1 Anonymous Communications CSE 5473: Network Security Lecture due to Prof. Dong Xuan Some material from Prof. Joan Feigenbaum.
SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.
I N T HE N AME OF G OD. T IME T O M ARKET (TTM) W HAT IS TTM ? time to market ( TTM ) is the length of time it takes from a product being conceived until.
Cofax Scalability Document Version Scaling Cofax in General The scalability of Cofax is directly related to the system software, hardware and network.
1 Web Technologies Website Publishing/Going Live! Copyright © Texas Education Agency, All rights reserved.
DDoS Attacks on Financial Institutions Presentation
Outline Properties of keys Key management Key servers Certificates.
Anonymous Communication
Web Caching? Web Caching:.
Switching Techniques In large networks there might be multiple paths linking sender and receiver. Information may be switched as it travels through various.
Towards Measuring Anonymity
The New Virtual Organization Membership Service (VOMS)
Anonymous Communication
Switching Techniques.
Anonymous Communication
Peer-to-Peer Information Systems Week 7: Anonymity Part 2
Increasing Anonymity via Dummy Jondos in a Crowd
Contributors: Connor McCoy
Presentation transcript:

Increasing Anonymity in Crowds via Dummy Jondos By: Benjamin Winninger

Introduction and Problem Faced When it comes to crowds, bigger is always better, as most anonymity metrics are directly dependent on crowd size. I was attempting to include “dummy jondos” to bolster crowd size and increase resistance against three common attacks:  Local eavesdropper  End server  Collaborating jondo

How To Determine If Dummy Jondos Improve Crowds In order to determine if dummy jondos are even worth utilizing, we need to compare:  The likelihood of a degree of anonymity being provided against a class of attacker in the traditional and new crowd schemes.

Crowds: Technical Overview Collection of users, each represented by their jondo processes. Jondos contact blender server to request admission to the crowd. Once in the crowd, a user sends a request:  The jondo forwards the request to another jondo with probability p f (virtual circuit created)  Or to the end server with probability 1- p f

Dummy Jondos: Original Concept The crowd organizer can add an arbitrary amount of jondos to the crowd, thereby increasing the size of the crowd n to a large value. Chance of a local eavesdropper getting lucky drops significantly. This makes the amount of collaborators c required to perform a collaborating jondo attack (possibly unachievably) large.

Dummy Jondos: Original Concept Problems Sounds like we’ve beaten the system, but…  If the organizer is corrupt, he is now in the perfect position to perform the collaborating jondo attack!  How can the organizer properly set up and control proxies that he might not own?

Dummy Jondos: New Concept Rather than introducing outside “users” to the crowd, make better use of the registered users. We can no longer add an arbitrary number of jondos, but try to bring in registered (inactive) jondos. Daemon process activated on computer startup: bring user’s jondo into the crowd in dummy mode.

Dummy Jondos: New Concept Consider that it is entirely possible that a user may never request to use the Web.  Paths generated for the crowd will never include this jondo.  User may be using a text editor, fiddling with a virtual machine, developing a program, etc.  We would have submaximal n without them!

Dummy Jondos: Dummy Mode vs. User Mode A jondo in user mode will act the same as the jondos in a traditional crowd. The jondo establishes a path, sends out requests, receives responses, forwards requests for others, and so on. After a period of inactivity within a percentage of a user defined timeout, switch to dummy mode.

Dummy Jondos: Dummy Mode vs. User Mode A dummy jondo should theoretically mimic what the user does:  Store a list of previous requests from user mode and randomly repeat them?  No… :  If a user made a payment, they would be scratching their head when they check their bank account or bitcoin wallet!  Anonymity for a request subject to compromise when it is sent multiple times!

Dummy Jondos: Dummy Mode vs. User Mode Create a list of common servers (Google, Facebook, YouTube, etc.). Create a set of commands to execute on these servers (ping, whois, nslookup). Randomly execute one of the commands on one of the servers after a bounded random time interval (all editable values in a config file).

Dummy Jondos: Dummy Mode vs. User Mode If an attacker sees that a dummy jondo sent a request to Google for example, it wouldn’t be particularly informative since Google is the most popular website in America. Even if a request wasn’t to a popular server, the commands aren’t being given by a user (shouldn’t compromise anonymity) so who cares if they are compromised?

Green Circles: Good Jondos Red Circles: Collaborating Jondos Purple Circles: Dummy Jondos Green Squares: Good Servers Red Squares: Corrupt Servers

Degrees of Anonymity for Crowds

Local Eavesdropper Attack Local Eavesdropper: An attacker who can view all communication to and from a user. If the eavesdropper gets lucky and listens to the sender who submits to the server, then the sender is exposed! Otherwise, the receiver is beyond suspicion. As the size of the crowd increases, the probability of a local eavesdropper getting lucky decreases.

Dummy Jondos and the Local Eavesdropper Attack The probability of a jondo submitting its request to the end server is 1/ n The same logic applies to a crowd with dummy jondos, but the size is now ( n + d ), where d represents the number of dummy jondos. The resulting probabilities are therefore 1/ n ≥ 1/( n+d ). Guarantee to provide no less anonymity than original crowd.

End Server Attack End Server: The web server to which the jondo’s request is sent. Since the server can see traffic to and from itself, receiver anonymity isn’t possible! Also, since any jondo could have forwarded the request, it is impossible to determine the originator. As the size of the crowd increases, the probability of determining which jondo forwarded the request decreases.

Dummy Jondos and the End Server Attack Unsurprisingly, there is almost no difference between a traditional crowd and one that uses dummy jondos. The crowd naturally strongly resists the end server attack. The only difference might be a crowd with dummy jondos could increase a crowd of size 1 or 2 to a more reasonable size.

Collaborating Jondo Attack Collaborating Jondos: A group of crowd members that can view all communication to and from “collaborating” users and pool this information together to find the sender of a request. If the inequality n ≥ ( p f *( c +1))/( p f -(1/2)) is satisfied, then the sender has probable innocence. As the size of the crowd increases, the number of collaborating jondos that it can resist also increases!

Dummy Jondos and the Collaborating Jondo Attack Two ways to try and manipulate n ≥ ( p f *( c +1))/( p f -(1/2)):  We can increase n, via dummy jondos  We can try and “minimize” p f /( p f -(1/2))

Dummy Jondos: Increasing n As we’ve seen in the local eavesdropper attack: dummy jondos increase the size of the crowd from n to ( n + d). Can rewrite inequality as (n + d ) ≥ ( p f *( c +1))/( p f -(1/2)) Same guarantee as the local eavesdropper attack: the crowd with dummy jondos will provide no less anonymity.

Dummy Jondos (Aside): Increasing Path Length While manipulating p f isn’t specifically the responsibility of dummy jondos, it is worth considering to combat the collaborating jondo attack. No true minimum for p f /( p f -(1/2)), instead look for where increase in p f no longer becomes “worth it”.  Clearly a subjective measure.

Dummy Jondos (Aside): Increasing Path Length It appears that “sweet spot” for p f for maximizing anonymity is somewhere in the range of [0.75,0.85]. However, as n grows this p f may not be sustainable for latency’s sake. Thus, it might be desirable to have a sliding scale type of function for the pf in which the value is initially somewhere in the range of [0.75,0.85], but then drops slightly over time to accommodate growing/shrinking crowd size.

Conclusions Dummy jondos no longer set up a crowd to be attacked, but attempt to get an optimal crowd size relative to the number of registered users. Dummy jondos offer the promise of improved anonymity over traditional crowds with the guarantee of being no worse.

Conclusions The behavior of a dummy jondo should be relatively human-like, and so a more realistic behavioral model could likely be developed. When I begin implementing this system (eventually), I will be able to get real data to prove or refute initial ideas from this research (e.g. latency vs. p f ). I will also be able to redefine various aspects as (inevitable) conflicts arise.

Why Does This Even Matter? With the recent leaks about NSA data collection, possibly now more than ever people are concerned with their e-privacy. Crowds offer scalability and good performance for Internet users while defending against several classes of attackers. Thus any improvement on crowds could make them more viable for mass usage.

References Diaz, Claudia, and Bart Preneel. "Taxonomy of Mixes and Dummy Traffic.". University of Leuven. Web.. Newman, Richard E. "Anonymity – Crowds." CIS 6930/4930 Cryptographic Anonymity. University of Florida. Web. 22 Nov Reiter, Michael K., and Aviel D. Rubin. "Crowds: Anonymity for Web Transactions." ACM Transactions on Information and System Security (1998): CIS 6930/4930 Cryptographic Anonymity. University of Florida. Web. 20 Nov Shields, Clay, and Brian Neil Levine. "A Protocol for Anonymous Communication Over the Internet.“ Georgetown University. Web. 28 Nov Wright, Matthew K.; Adler, Micah; Levine, Brian Neil; and Sheilds, Clay, "The Predecessor Attack: An Analysis of a Threat to Anonymous Communications Systems" (2002). Computer Science Department Faculty Publication Series. Paper 164..